Re: V6 still not supported

2022-03-22 Thread George Michaelson
I would normally not contribute to this, but I think having been a passive participant of the IPng mail lists through the 80s-90s I like the quality of reflecting "did we get what we wanted". I'm not writing here as an RIR employee (which I am) but as somebody who was along for the ride. We didn't

Re: Questions about IRR best practices

2021-11-12 Thread George Michaelson
mmand because I control the assets" G On Sat, 13 Nov 2021, 11:18 am Rubens Kuhl, wrote: > > > On Fri, Nov 12, 2021 at 9:56 PM George Michaelson > wrote: > >> Wouldn't it be cool if we had a cryptographic mechanism to sign an >> authority to the IRR publisher to eje

Re: Questions about IRR best practices

2021-11-12 Thread George Michaelson
Wouldn't it be cool if we had a cryptographic mechanism to sign an authority to the IRR publisher to eject old data. Some way you could prove you have control of the asset, and then let the RADB people know you repudiated some old data, made under somebody else's authority which you can't remove

Re: ROA mirror to IRR?

2021-10-26 Thread George Michaelson
On Wed, Oct 27, 2021 at 6:31 AM Shawn wrote: > > Curious if any IRR databases are mirroring/importing ROA data - creating > route|6 objects from ROA? > > LACNIC requires a route object to be created when creating a ROA. > APNIC you create a route object, then may generate a ROA during that >

Re: QUIC, Connection IDs and NAT

2021-05-31 Thread George Michaelson
the 5tuple includes protocol so increased adoption of QUIC alongside TCP bound services effectively does increase the potential size of the NAT binding table but if we're really a single-browser model and all going to QUIC enabled webs, the effective outcome is to burn the port space in UDP, not

Re: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

2021-04-22 Thread George Michaelson
When an RIR asserts geo in Whois, it's derived from the organisational data, but usually/often then self asserted. It was asserted by the delegate, during registration. When an RIR asserts geo in organisational data, it's self-asserted through a filter of things like Dun & Bradstreet and company

Re: OAuth for RIRs - There is already any Idea like that?

2021-03-23 Thread George Michaelson
The two proposals for RPKI signed attestations, RSC and RTA, look candidates for a role in this. The primary question is not "who are you" which OAuth is about, it is "what resources do you control, which would inform what we're doing here" -which is what RPKI is about. It's important to be clear,

Re: How to Fix IP GEO for google/youtube tv

2021-03-11 Thread George Michaelson
Google honour https://tools.ietf.org/html/rfc8805 Which they also authored. A bunch of people are proposing a geofeed: RPSL marker to catalog how to find the feed. -G On Thu, Mar 11, 2021 at 7:38 PM William Guo wrote: > > Google has its internal GeoIP team. > > But the data quality is not so

Re: LOAs for Cross Connects - Something like PeeringDB for XC

2021-02-22 Thread George Michaelson
The LOA type model is one of the ones we showed on slideware when we presented RTA in IETF, and at the CloudFlare RPKI workshop years ago. The detached signature model inherent in RTA and RSC goes to "you define the business logic" It's not proscriptive. I saw nothing proposed here which I

Re: dumb question: are any of the RIR's out of IPv4 addresses?

2021-02-16 Thread George Michaelson
On Wed, Feb 17, 2021 at 9:21 AM Christopher Morrow wrote: > > On Tue, Feb 16, 2021 at 6:06 PM Michael Thomas wrote: > > > > > > Basically are there places that you can't get allocations? If so, what > > is happening? > > isn't the answer to this: > "All except AFRNic announced their pools were

Re: dumb question: are any of the RIR's out of IPv4 addresses?

2021-02-16 Thread George Michaelson
APNIC continues to have a final /8 policy and can allocate or assign up to a /23 to new entrants from its holdings. APNIC reclaims unused IP addresses. https://www.apnic.net/manage-ip/ipv4-exhaustion/ On Wed, Feb 17, 2021 at 9:15 AM Jennifer Sims wrote: > > Pretty sure APNIC is out of

AS0 RPKI system deployed in production (Prop132)

2020-09-01 Thread George Michaelson
AS0 RPKI system deployed in production (Prop132) The AS0 RPKI system previously in test has now been deployed to production. This completes

Re: crypto frobs

2020-03-23 Thread George Michaelson
I don't see SKEY style OTP lists as inherently bad. "its how you do it" which concerns me, not that it is done. -G On Tue, Mar 24, 2020 at 9:33 AM Christopher Morrow wrote: > > On Mon, Mar 23, 2020 at 7:00 PM Michael Thomas wrote: > > > > On 3/23/20 3:53 PM, Sabri Berisha wrote: > > > > Hi, >

Re: Gmail email blocking is off the rails (again)

2019-12-04 Thread George Michaelson
I own domains backed by gsuite/postini and they are awesomely spam free, and good. What I say here shouldn't be taken as saying I don't want that goodness. I also work in domains which routinely get mis-tagged as spammy by google, and that can include replying to google staffers. This isn't good.

Re: IPv6 Pain Experiment

2019-10-02 Thread George Michaelson
A fair comment would be "you massively mis-remember" and in both JANET-Email and IPv6 terms, I would not disagree. We're talking about things done, decisions made 35 or more years ago, to 25 years ago and my brain has had many fine beers since then. But the intent remains the same: we made

Re: IPv6 Pain Experiment

2019-10-02 Thread George Michaelson
On Thu, Oct 3, 2019 at 12:12 PM Masataka Ohta wrote: > > George Michaelson wrote: > > Or, why we even have SRC in the header: it does not > > inform routing. > > Primarily for ICMP. Could look inside beyond first header state to see DST as payload. optimisation for I

Re: IPv6 Pain Experiment

2019-10-02 Thread George Michaelson
On Thu, Oct 3, 2019 at 11:39 AM Doug Barton wrote: > > Yes, IPv6 suffers from Second System Syndrome. No this is not news, > neither is it malleable (no matter how much whinging about roads not > taken occurs). Which is why I said: > On 10/2/19 6:30 PM, George M

Re: IPv6 Pain Experiment

2019-10-02 Thread George Michaelson
A long time ago, in another country, JANET had a mail list to discuss email, in a world before DNS. And, when DNS emerged, JANET mail list made a *deliberate* decision to make the domain order of UK email domains the reverse of every other country worldwide. A DELIBERATE decision. (I was there, on

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

2018-11-08 Thread George Michaelson
There are two parts of the problem. The first is the assumption of risk: the current model of operation in the US (like in other western economies) puts the onus of risk of misuse of the card on specific actors. When you change the basis from signature (fraud) to chip+pin (leak of knowledge) you

Re: deploying RPKI based Origin Validation

2018-07-17 Thread George Michaelson
I don't want to over-state it, but 'number of prefices' always feels to me like a potential mis-measure. Not that you don't want to know it, but % of announced space for a given origin-as feels like it might be closer to the story, because there can be so many different ways to announce it as dis-

Removing the four stale TAL from the APNIC RPKI validation set.

2018-02-27 Thread George Michaelson
Updating RPKI trust anchor configuration --- APNIC has completed the process of transitioning from its previous Resource Public Key Infrastructure (RPKI) trust anchor arrangement to a new single trust anchor configuration. Each RIR will

Re: MTU to CDN's

2018-01-18 Thread George Michaelson
> 1500 14XX 1500 > embedded CDN <--> B4 <— > 6RD <— > client > 1500. 14XX 1500 > > Now you can increase the first 1500 easily. The rest of the path not so > easily. > >> On 19 Jan 2018, at 9:53

Re: MTU to CDN's

2018-01-18 Thread George Michaelson
If I was an ISP (I'm not) and a CDN came and said "we want to be inside you" (ewww) why wouldn't I say "sure: let's jumbo" not even "asking for a friend" I genuinely don't understand why a CDN who colocates and is not using public exchange, but is inside your transit boundary (which I am told is

Re: IPv6 doc. prefix (2001:db8::/32) - APNIC object ?

2017-03-09 Thread George Michaelson
Don't bother: It was removed 24+ h ago after we got alerted George On Tue, Mar 7, 2017 at 2:10 PM, Mark Andrews wrote: > > In message <6bcda810-52cd-4efe-9a69-4b1aabc90...@burn.net>, Brandon Applegate > writes: >> Just did a whois on the documentation prefix and was surprised to

Fw: new message

2015-10-26 Thread George Michaelson
Hey! New message, please read <http://tweakinghealth.com/making.php?av> George Michaelson

Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-06 Thread George Michaelson
X.400 required a session key. IIRC you had to know the other side of the mail exchange and do (weak, but of the time what we did) shared secret swaps to bootstrap the protocol. Of course, a cheat-sheet of 'your idea will not work because [ ]' kills it, but I do recall with some fondness that in

Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6

2015-06-29 Thread George Michaelson
Dec gave you the source on Microfiche. If you want to change LAT just read, and find your Bliss32 compiler. On Mon, Jun 29, 2015 at 9:04 PM, Scott Whyte swh...@gmail.com wrote: On 6/29/15 20:17, Johnny Eriksson wrote: Javier Henderson jav...@kjsl.org wrote: Or XNS. On the other hand,

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread George Michaelson
On Wed, Jun 10, 2015 at 2:06 PM, Lorenzo Colitti lore...@colitti.com wrote: On Wed, Jun 10, 2015 at 8:30 PM, Karl Auer ka...@biplane.com.au wrote: Seems to me that N will vary depending on what you are trying to do. Remember, what I'm trying to do is avoid user-visible regressions while

Re: whois server features

2015-01-07 Thread George Michaelson
http://rdap.apnic.net/ redirects to a web page documenting service http://rdap.apnic.net/ip shows a json error response http://rdap.apnic.net/ip/203.119.0.0/24 shows the /24 record for 203.119.0.0/24 -G On Thu, Jan 8, 2015 at 1:59 PM, shawn wilson ag4ve...@gmail.com wrote: On Wed, Jan 7,

Re: whois server features

2015-01-07 Thread George Michaelson
CRISP is dead. RDAP is real. If people need to script, then RDAP is workable JSON and for once, has converged on sensible stuff in both names and numbers. the whois problem is a formalism owned by ICANN, but as DRC pointed out the WHOIS solution is dispersed. RPSL lies to one side btw. I wish

Re: update

2014-09-29 Thread George Michaelson
for two asynchronous, otherwise unconnected systems, using TCP/IP there is a state transition sequence which can be shown to work if you stick to it. There are also (I believe) corner cases when you send unexpected sequences, and some of them have known behaviours in that sense, the question:

Re: New Zealand Spy Agency To Vet Network Builds, Provider Staff

2014-05-13 Thread George Michaelson
It got a pretty firefight discussion at the NZNOG. None of the ISPs feel comfortable with it, but in avoiding a shoot-the-messenger syndrome they tried to give good feedback to the reps from GCSB who came to talk. Basically, a lot of post-act variations are expected to clarify what changes do and

Re: New Zealand Spy Agency To Vet Network Builds, Provider Staff

2014-05-13 Thread George Michaelson
/Communications_Assistance_for_Law_Enforcement_Act [2] https://en.wikipedia.org/wiki/National_security_letter On 5/13/2014 6:40 AM, George Michaelson wrote: It got a pretty firefight discussion at the NZNOG. None of the ISPs feel comfortable with it, but in avoiding a shoot-the-messenger syndrome

Re: autoresponding to Yahoo DMARC breakage

2014-04-09 Thread George Michaelson
procmail is a rewrite of MMDF mailfilter. badly. On Thu, Apr 10, 2014 at 8:42 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Wed, Apr 9, 2014 at 6:27 PM, John R. Levine jo...@iecc.com wrote: The most sane out-of-mind response should only be sent *if* the out-of-mind person is

Re: procmail, was autoresponding to Yahoo DMARC breakage

2014-04-09 Thread George Michaelson
you don't know the values passed by protocol, only the values exposed in header. (this may have changed. I don't use it any more) On Thu, Apr 10, 2014 at 11:58 AM, John R. Levine jo...@iecc.com wrote: On 4/9/2014 5:45 PM, George Michaelson wrote: procmail is a rewrite of MMDF mailfilter

Re: turning on comcast v6

2013-12-11 Thread George Michaelson
I am probably closer to consumer behaviour at home than most of you. I don't regard my home router as a vehicle for hackery beyond clue I can find on the end user public lists and rarely if ever even apply that, and I run stock factory billion code on my billion ADSL2+ home gateway. I just

Re: DNS Reliability

2013-09-12 Thread George Michaelson
we're already outside our operating envelope, if these community expectation figures are believable. a wise man once said to me that when setting formal conformance targets it's a good idea to only set ones you can honestly achieve, otherwise you're setting yourself up to be measured to fail. I

Re: DNS Reliability

2013-09-12 Thread George Michaelson
you removed a clause in that sentence randy: we're already outside our operating envelope, if these community expectation figures are believable there is a point to that clause. it's the same as your answer in some respects. On Fri, Sep 13, 2013 at 8:39 AM, Randy Bush ra...@psg.com wrote:

Re: Trivium

2013-08-19 Thread George Michaelson
I agree. I think it's overstated. But I do think there was a more direct customer-disadvantage outcome, albeit incredibly brief. I think a bunch of people like me have now got a better sense our always-on backend is 'brittle' even if very very strong, most of the time.

Re: If you are using APNIC as an RPKI trust anchor, please update your Trust Anchor Set.

2012-10-15 Thread George Michaelson
On 16/10/2012, at 4:15 AM, Randy Bush ra...@psg.com wrote: APNIC will be switching to a new RPKI 'split' trust anchor system on the 25th of October. This change is needed to align APNIC administered resources with their allocation hierarchy. These resources will also be certified under each

Re: If you are using APNIC as an RPKI trust anchor, please update your Trust Anchor Set.

2012-10-15 Thread George Michaelson
On 16/10/2012, at 11:09 AM, David Conrad d...@virtualized.org wrote: George, On Oct 15, 2012, at 8:44 PM, George Michaelson g...@algebras.org wrote: Once there is a global trust anchor, you can validate the 5 APNIC operating CA under a single root, single TAL. Until then, an APNIC TAL

If you are using APNIC as an RPKI trust anchor, please update your Trust Anchor Set.

2012-10-14 Thread George Michaelson
please contact me. George Michaelson (g...@apnic.net) Please add the following to your trust anchor set: rsync://rpki.apnic.net/repository/apnic-rpki-root-afrinic-origin.cer MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMLL96YV9pf0rZ4Ow/bk

Re: Request to lease IP space, or things that make you want to go hmmmmm..

2012-03-08 Thread George Michaelson
no. you misunderstand. The value proposition is not spam: that works with unallocated space. The value proposition is gaming google page rank, by using widely spread and legitimately routed IPs to force your paying customers page rank high, by hits and references. This is a very high value

Re: Request to lease IP space, or things that make you want to go hmmmmm..

2012-03-08 Thread George Michaelson
On 09/03/2012, at 1:03 PM, Jon Lewis wrote: On Fri, 9 Mar 2012, George Michaelson wrote: The value proposition is gaming google page rank, by using widely spread and legitimately routed IPs to force your paying customers page rank high, by hits and references. This is a very high value

Re: How do you do rDNS for IPv6 ?

2010-12-05 Thread George Michaelson
On 06/12/2010, at 8:25 AM, Felipe Zanchet Grazziotin wrote: Hi John, On Sun, Dec 5, 2010 at 8:13 PM, John Levine jo...@iecc.com wrote: I've been pondering IPv6 setups, and I don't understand how IPv6 rDNS is supposed to work. It's clear enough how you look up any particular address,

(cisco, or any) acl *reducers* out there?

2010-08-18 Thread George Michaelson
I have been looking at acl management s/w in the freecode space and I can find lots of tools which manage/distribute and test ACLs in routers. I'm wondering if anyone has written a parser which can construct rule-trees and get rid of the cruft, unusable, order-misorder and other issues in a

Re: (cisco, or any) acl *reducers* out there?

2010-08-18 Thread George Michaelson
On 19/08/2010, at 1:00 PM, Randy Bush wrote: something which can take a couple of hundred basic and extended ACLs and tell you these ten don't work these twenty conflict the remaining x have a sequence and can reduce to this basic x-y set maybe you could go the other direction. as

Re: (cisco, or any) acl *reducers* out there?

2010-08-18 Thread George Michaelson
On 19/08/2010, at 1:38 PM, Randy Bush wrote: one more comment. be careful aggregating filters. the peer may actually announce all those damed frags, especially in massively de-aggregated places such as india, indonesia, ... randy I should have been clearer that I really only want to

AARNet AS7575 announcing 1.0.0.0/24, 1.1.1.0/24 and 1.2.3.0/24 soon

2010-03-16 Thread George Michaelson
As part of the ongoing measurement of traffic in 1.0.0.0/8 three /24s from the range are shortly going to be announced by AARNet, via AS7575: 1.0.0.0/24 1.1.1.0/24 1.2.3.0/24 This will be happening over the next week or so. cheers -George

Re: Desperately Seeking APNIC

2010-03-04 Thread George Michaelson
Hi. it's been handled, so sorry for a bit of delay, which is due to the APNIC/Apricot meeting going on in KL. This problem was caused by missing WHOIS domain objects. APNIC staff are helping Matthew to resolve the problem. -George On 05/03/2010, at 6:37 AM, Matthew Petach wrote: Would

Re: dealing with bogon spam ?

2009-10-29 Thread George Michaelson
Avoid broken/slow servers: afrinic = ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest;, apnic = ftp://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest;, lacnic=

Re: ISP customer assignments

2009-10-12 Thread George Michaelson
On 13/10/2009, at 12:54 PM, Doug Barton wrote: On Oct 12, 2009, at 7:34 PM, Justin Shore jus...@justinshore.com wrote: I'm actually taking an IPv6 class right now and the topic of customer assignments came up today (day 1). The instructor was suggesting dynamically allocating /127s to

Call for data: IPv6 enabled service logfiles for analysis

2009-02-11 Thread George Michaelson
Call for data: IPv6 enabled service logfile analysis APNIC is seeking operators of high-traffic webhosts, and other public facing services who can provide logfiles for their IPv6 enabled instances. Our intention is to analyse these for the distribution of IPv4, and the various sub-classes